Re: [squid-users] Copy and send decrypted HTTPS traffic to specific location
On 09/04/2016 08:40 AM, Wesley Whitteker wrote: > I've been doing some testing with Squid and am currently using it to > decrypt HTTPS flows (i.e. MITM Proxy). I also have the C-ICAP feature > working. > > Now, I'm trying to determine if Squid has the capabilities to send a > copy of decrypted HTTPS traffic out a particular port on the HW platform > I'm running squid on -- any ideas if this has/can be done? This is possible using ICAP or eCAP interfaces: Folks write ICAP or eCAP adapters that reassemble TCP/IP traffic based on the adaptation messages those adapters receive from Squid and inject that TCP/IP traffic into the network. Needless to say, the injected traffic is not exactly the same as the original would have been, but the differences are usually not important for the logging and analysis tools that receive the injected TCP/IP packets. It works pretty well, actually. HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Copy and send decrypted HTTPS traffic to specific location
On 5/09/2016 2:40 a.m., Wesley Whitteker wrote: > Hello Folks, I've been doing some testing with Squid and am currently > using it to decrypt HTTPS flows (i.e. MITM Proxy). I also have the > C-ICAP feature working. > > Now, I'm trying to determine if Squid has the capabilities to send a > copy of decrypted HTTPS traffic out a particular port on the HW > platform I'm running squid on -- any ideas if this has/can be done? No it does not. To do that you should use an ICAP service designed to do unnatural things to the messages it gets delivered. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Copy and send decrypted HTTPS traffic to specific location
Hello Folks, I've been doing some testing with Squid and am currently using it to decrypt HTTPS flows (i.e. MITM Proxy). I also have the C-ICAP feature working. Now, I'm trying to determine if Squid has the capabilities to send a copy of decrypted HTTPS traffic out a particular port on the HW platform I'm running squid on -- any ideas if this has/can be done? Thanks! ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
